July 8, 2017

Subscribe

Hacking Team is back

by John_A

When you call yourself “Hacking Team,” you’re borrowing a legacy of persecution and suffering at the hands of legal authorities. The same kind that drove Aaron Swartz to become the most famous hacker suicide of our era.

You’re effectively wrapping yourself in a mantle bled into by the skins of coders and crackers who are considered criminals by wider society — regardless of innocence. You’ve grafted your brandished title — “Hacking Team” — onto the backs of those living under the oppressive fear of being rounded up, stripped of rights, and imprisoned for vague, state-defined crimes.

Every hacker who has had to rename themselves as a “researcher” or “information security professional” for public consumption knows this. Their friends and heroes have served time for crimes of hacking both real and contrived at the hands of hostile governments.

Some people call themselves “hackers” to reclaim the stigma. Others do it because they’re pretentious dicks. It’s worse with Hacking Team, of course, because they were exposed by actual hackers for being bad at hacking, for helping governments target powerless people for contrived crimes, and also for being pretentious dicks. We even coined a term for it: Hackenfreude.

Surprise: With no sense of self-awareness, Hacking Team is back and they didn’t even bother to change their name.

Not content to leave well enough alone, Hacking Team resurfaced this week. They were discussed in a news item about Saudi Arabia hunting dissenters, and were also spotted cruising for more blood money at a “global policing” conference in Singapore called INTERPOL WORLD. Their business was, and still is, selling intrusion and surveillance software to governments and law enforcement around the world, peddling full-service surveillance suites that target individuals, network infections, monitoring, and more.

Look, they’re alive ! At Interpol World pic.twitter.com/FRGqtG47tv

— codelancer (@codelancer) July 5, 2017

When we last saw Hacking Team, they had just been royally owned. Two years ago this month, online persona PhineasFisher hacked the company (a Reporters Without Borders “enemy of the internet”) and distributed around 400GB of Hacking Team’s company files, while taking over their Twitter account and changing it to “Hacked Team.”

Because HT was so reviled by hackers, taking the company apart and spreading their innards across the web became a group effort. Global security research communities tore into the documents in waves around the clock; hackers created a GitHub repository named “Hacked Team (Hacking Team) We Kill People™.”

It was revealed that Hacking Team really did contribute to killing people with its bespoke services. Services tailored for the worst of the worst in human rights abusers in nearly three dozen countries around the world. We learned from the docs that Hacking Team also targets individuals on behalf of its clients.

One example of a typical Hacking Team client is Uzbekistan. When the documents were published, Hacking Team’s account with Uzbekistan’s National Security Service was active. “Uzbekistan’s human rights record is atrocious,” Human Rights Watch said. “Thousands are imprisoned on politically-motivated charges. Torture is endemic in the criminal justice system.”

The docs also contained emails confirming that the company sold its Remote Control System (RCS) spyware to Sudan, a country the company publicly denied selling to when it was questioned in front of a UN commission regarding Sudanese sanctions. During that period of Hacking Team’s employment for Sudan, Human Rights Watch said, “In addition to indiscriminate bombing, Sudanese government forces are getting away with abusive and illegal tactics under a guise of counterinsurgency, including rape, arbitrary detentions and killings.”

But that was then, and this is now. It’s worse, because whatever the hacktivism was supposed to do didn’t work, and also because Hacking Team has since been hired by one of Trump’s more terrifying buddies.

In late May of this year, a photo from Donald Trump’s trip to the Middle East surfaced, showing Trump, Saudi King Salman bin Abdulaziz, and Egyptian President Abdel Fattah el-Sisi laying hands on a glowing globe in a darkened room. The undeniably ominous image (“the orb”) was actually the official opening of Saudi Arabia’s Global Center for Combating Extremist Ideology.

When that photo was taken, the king had just fast-tracked his son Mohammed bin Salman to be Crown Prince and next in line to the throne (whom WSJ reported Trump has “embraced” in the role; the two had a March White House meeting prior to the trip). In fact, Prince bin Salman is the one who arranged Trump’s trip to Saudi Arabia.

Jump to this week, where it was reported that bin Salman has begun a crackdown on dissenters and activists, Hacking Team is working with him to help the government of Saudi Arabia in a move that will make its human rights record even more appalling.

It’s amazing that Saudi Arabia even thinks it needs to hire hackers at all. Antiterrorism regulations that took effect in 2014 are used to criminalize almost any form of peaceful criticism of the authorities as terrorism. That was the year Saudi Arabian pro-democracy blogger named Raif Badawi was sentenced to 10 years in prison and 1,000 lashes for the crime of “insulting Islam through electronic channels.”

In that year alone, authorities also detained and intimidated hundreds of online political activists and online commentators, implemented strict filtering mechanisms to block sensitive political content from entering the Saudi internet, recruited thousands of online supporters to warn against the call for protests and demonstrations as a countermeasure and continued to apply its excessive monitoring of internet users. Last year, the country carried out 157 public beheadings, from crimes ranging from drug offenses to apostasy (renunciation of a religious or political belief).

The story of Hacking Team was once a lulzy tale of what happens to harmful idiots in the face of hacktivism. But now it’s about how getting owned may very well serve as an advertisement of services; free publicity that gets you seen by those shopping for services rooted in horror.

Hacking Team’s name is an attempt at symbolism. The company was revealed to be bad smart people and bad stupid people working for really bad people, and now it is a symbol of something else entirely: Unstoppable success, built on a legacy of pain.

The pirate ship of hacktivism has crashed here.

The hacktivists get points for trying to take HT down. But all we’re left with is the sickening feeling that hacktivism has always been just another work of fiction we’re clinging to, in hopes someone will save us.